Posted by samzenpus on Thursday August 01, 2013 @04:35AM
from the gift-that-keeps-on-giving dept.

Okian Warrior writes in about a package of heroin that found its way to the door of Brian Krebs. "'Fans' of [security researcher Brian Krebs] have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares. But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery."

Would "Cybercriminals Had Heroin Delivered To Brian Krebs, Then Calls Police" be a better headline than "Cybercriminals Has Heroin Delivered To Brian Krebs, Then Calls Police"? Not being an English major, I don't know for sure, but I am sure the Slashdot editors have made the correct decision.

It's called subject-verb agreement. Singular subject agrees with singular verb, and plural subject agrees with plural verb. For example, "Cybercriminals have" is correct; as is "Cybercriminal has." I have; you have; he, she, or it has; we have, you have, they have. As another writer here pointed out, this is third grade grammar.

Usually I call for cutting /. editors slack, as they weren't English majors, but COME ON... "Cybercriminals has?" Guys, lay off the beer when you're at work.

Yeah, that really "clanged" in my mind's ear as well, but then I thought, "Hey, maybe these guys have incorporated, and 'Cybercriminals' is the name of the business", which would make the headline acceptable in the US.

I posted a comment on his blog a while ago where I questioned the validity of the results of his research [krebsonsecurity.com] that caught a lot of attention [slashdot.org] a while back. For example, one of his biggest finds was that one of the scammers' names is Vasily Ivanovich Petrov, which is just a placeholder name just like Joe Public in Russian. He never approved my comment or provided any feedback. If he was an actual researcher, he wouldn't silence reasonable criticism towards him.

It's sad to see him get one meaningless article after another on Slashdot.

And so to you the only reasonable explanation is that he read your comment and covered it up, secure in knowing that no one else could catch that error, even though (assuming it's true) it would be obvious to millions of people.
Comments "awaiting moderation" are often never read by anyone and simply fall into a bucket. If they get moderated at all they can easily be inadvertently flagged as spam along with dozens and dozens of other actual spam comments.

even though (assuming it's true) it would be obvious to millions of people.

First of all, I greatly doubt his article was read by millions. Second of all, how many readers spoke Russian to spot the questionable moment? Very few, I must imagine.

Comments "awaiting moderation" are often never read by anyone and simply fall into a bucket.

That is certainly a valid thought. However, a few comments praising his research got approved both before and after mine. In addition, he commented on some of them in person. This is leading me to believe that he did read my comment, even though I will never be able to prove it (great way to deal with the critique, Krebs!).

Are you saying that if Krebs did what OP is alleging, that makes it a conspiracy? Who would Krebs have to be in with? Krebs, himself? Is this perhaps why you're already implying that if Krebs takes action, that action is necessarily "evil"? Because you see Krebs as an unnatural form of two different people? I don't get it.

Banner ads and clickety click clicks. Plus of course marketing and gaining those highly profitable mass media consultancy (heavy on the con) spots, especially if you are going to push the pro government security propaganda line. Of course it seems really lame to 'publicly' seek donations to purchase heroin unless of course you are seeking to publicly expose your scheme to frame someone (which doesn't make any sense at all), as obviously framing someone must be kept really really secret as it tends to fail oth

The whole part about publicly/semi-publicly (might as well be the same thing in many situations, and oh look there was Krebs himself sitting in the balcony) soliciting blackmail funds really is stupid when you put it plainly.

I was more floored by the fact that Krebs was allowed to tamper with the heroin that was delivered and take those pictures. I can't imagine a single sheriff's department anywhere in America that would find that Kosher. Funny, Kreb

You probably (if you tell the truth) just commented on a several-month-old blog post, nobody checks the spam filters of those.

One of the little known good features of Slashdot is that all threads go to archive mode in two weeks. This removes one of the biggest problems with blog spam, which is dropping SEO bait at the end of old comment threads, like bird poop on a car that's been parked under a tree for a few months. It also avoids the problem of people who can't be arsed to check the dates on threads, and post in dead threads as though there was still a conversation going on.

I posted a comment on his blog a while ago where I questioned the validity of the results of his research [krebsonsecurity.com] that caught a lot of attention [slashdot.org] a while back. For example, one of his biggest finds was that one of the scammers' names is Vasily Ivanovich Petrov, which is just a placeholder name just like Joe Public in Russian. He never approved my comment or provided any feedback. If he was an actual researcher, he wouldn't silence reasonable criticism towards him.

It's sad to see him get one meaningless article after another on Slashdot.

I posted a suggestion to the Pope on how to run the Catholic church and he never approved the comment. This proves he's a fake, right?

The Pope is the de facto authority of the Catholic church. To back up this relationship, the Pope is regarded as infallible within the church. Questioning the Pope's authority over church matters doesn't even make sense, because it's an unquestionable authority.

On the other hand, Krebs is not de facto authority *over* the facts and knowledge of security. If Krebs says encryption doesn't work, that doesn't make encryption fail to work. Whereas if the Pope says

When you say some guy is "Joe Smith" and the first hit is a general in the army... That means at least ONE person is named that way, and therefore ANOTHER can be. So your assumption that the name means nothing is falsified.

Great to see that you found the link I have already posted in an earlier reply [slashdot.org]! I didn't hold an

assumption that the name means nothing

I just raised the point which I believe is important that the criminal's name he presented as a significant result is likely to be fictional. If you were a security researcher yourself and a criminal you traced would call himself Joe Bloggs, you would want to recheck your sources before presenting your discovery, would you? There were lots of other questionable moments in his "research" related to Russian hackers,

He never approved my comment, so it never made it in the comment section. I didn't do anything significant, I just made a couple of observations that made his research look less exciting, the most significant find I already mentioned above. A good lesson for me to avoid dealing with blogs and bloggers that pre-moderate comments or at least preserve them locally.

It's not just Vasily Petrov. It's Vasily Ivanovich Petrov. Three very common placeholder names chained in a row. At least one person does [wikipedia.org] have this name, but it seems very fishy to see a name like that in a hacker's credentials. I did not claim anything, all I did was make a valid observation that cast certain doubts on the results of his work and he effectively muted me instead of giving his thoughts about this or just silently approving my comment.

Not often, I'd think. Failed SWAT raids are quite expensive, and embarrassing. The SWAT members involved would not take wasting their time lightly.

Misreporting crimes to get them dealt with by another bureaucracy or other department, though, is an interesting way to work around frightened police or bystanders. Remember how assault, especially rape, victims are sometimes encouraged to scream "fire" instead of merely "help I'm being raped"? I've actually run to a fire alarm when my cell phone was out of charg

... that's because the article was cut and pasted from the link. Which the author does write (it's Krebs' blog). In the first person, naturally. Whoever wrote the article took the first instance of "me", and replaced it editorially [using braces], and then failed to understand that it would be within acceptable editing as well as much easier to read if they took the liberty of changing the rest of the first-person references to refer to Krebs, as well.

but I have to wonder how many bitcoin users are government intelligence officers of assorted nationalities, or even security officers for assorted private corporations doing stuff that they do not want traced.

This is obviously yet another blatant attempt by the federal government to discredit a real American hero. Not convinced? Look at the facts:

Heroin is known by several street names, including (but not limited to) smack, dope, junk, brown sugar, and WHITE HORSE

"Brian" is an Irish-Breton name meaning 'High'.

Krebs is German for 'Cancer', but in a pinch can also mean 'Crab'

'Crab' has four letters. Four in German is 'vier', which when pronounced sounds like 'fear' in English.

In July of 1963 a little-known top-secret project sanctioned by the CIA was started, which studied - among other things - the effects of illicit drugs on sea-faring crustaceans. The name of this project was Operation Dungeness. Among the members of the research team was - you guessed it - a German scientist of dubious political background, last name of Krabbe.

As the Dungeness scientists became deranged with drugs and power, their range of test subjects expanded from sea-faring crustaceans to rodents and finally to small orphan children

These orphans were harvested from foster homes and from the streets, to become nameless waifs, but one of these orphan children was nicknamed Brian Krebs ('High Crab') - a sick joke of the scientists

One dark and stormy night a lightning strike knocked out the main power transformer supplying power to the underground lab. In the ensuing chaos, Krebs escaped, but during the escape he was bitten by a radioactive sea-faring crustacean, and it left a mark in the shape of a 'K' on his outer right thigh

Armed with the truth, Krebs reached an uneasy truce with government goons, keeping them at bay - for now. But behind the scenes he wages a one man crusade against the mad CIA scientists who subjected him to a wide range of inhumane experiments as a nameless waif. Masquerading as a security expert, he uses his contacts in the underground to uncover evidence which will one day bring the perpetrators to justice.

But the government does not stand idly by: knowing that direct confrontation is out of the question, it instead opts for a campaign of slander, defamation, and sabotage. This latest attempt to deliver illicit drugs is not simply meant to defame and criminalize Krebs, it is a message. And that message is: "We are coming for you."

Another reason why the war on drugs does more harm than good. This guy is lucky to be alive and was very fortunate to have the wherewithal to be one step ahead of the ne'er-do-wells. Anyone else would have had a very real chance of getting injured, maimed or killed by the local paramilitary police force. Let's not kid ourselves, it probably helps that he's white and privileged, too.

If we had sane drug policy, the worst that could have happened is having the drugs confiscated and getting a slap-on-the-wrist regulatory fine.

But the criminal setup only works if the police response to it is over-the-top, and with drugs it always is. The police aren't responsible for this "prank" but they are responsible.

If I was your neighbor and I called the police suspecting you got a suspicious package that didn't involve drugs, it might warrant a squad driving by to check out the house and possibly stopping to talk to me (who made the call) to get more information. They might knock on your door and say "Yeah, your neighbor was concerned..

Let's not kid ourselves, it probably helps that he's white and privileged, too.

The vast majority of the US prison population is white and male. Women have significantly lower arrest, conviction, and incarceration rates - with significantly lower sentencing lengths, higher probation rates, etc. Women are enormously privileged when it comes to the criminal justice system, and that includes when they're victims; males are victims of violent crime at a ratio of 3:1 men:women, and case clearance rates for fe

A manager came into my office one day and asked if I would change her phone number because someone had been making appointments in her name with her contact information for breast enlargement consultations with various surgeons. They were calling her to confirm the appointments once or twice a week for a couple months.

If this story is legit, then the dumbfuck Brian should get a misdemeanor for tampering with evidence. His blog is proof that he knows it's evidence, so ignorance (not even normally allowed anyway) is no excuse.

Indeed, yesterday I read multiple summaries which had spelling errors that a fifth grader would catch when reading through. One can only surmise that Slashdot editors now need to spend less than three minutes writing a summary.

I don't know who he is, but I get the feeling that if he keeps publicizing everything that people send his way or do to him, it might become an internet pastime for more people to start doing the same. It'll be like an internet gameshow:

"Who can send the craziest thing to Brian Krebs?"

It's all fun and games til somebody decides to send a shit covered blasting cap or who knows what else.

I'm still amazed the police gave a shit. Around here they normally just fob you off until the drugs actually arrive, then arrest you and take your DNA, computers, phones etc. Then finally when you get a lawyer they might drop the case (typically takes about six months if it's fast-tracked) and then after a few years you get your stuff back.

He looks pretty clean cut; that seems to go a long way with the police. From his history, it seems like the local police and him have a pretty intimate (and not adversarial) relationship. I think that helps quite a bit, too.

Repeat the situation with a mass-media stereotypical "hacker" and it would probably fit your description a little closer.

The police hate reports like this because they require huge resources to solve. Some guys in Russia ordered some drugs from the Farmers Market on Tor and paid with BitCoins. The seller presumably took steps to prevent them simply tracing the origin of the package. All the report does is add 1 to the unsolved drug crime stats for their area, making them look bad.

Brian Krebs is a former Washington Post investigative journalist who has been writing about Internet security issues for a long time. He writes a lot about malicious attacks and often exposes the attackers. These are not nice people, either; they are spammers, botnet herders, guys who make, sell and buy credit card skimmers, hackers who steal credit card info, guys who run DDoS-for-hire sites, etc.

He uses aliases to get himself invited to underground forums, monitors them for as long as he can, then exposes the criminals. The bad guys are also improving their own security, and becoming more adept at turning the tables. One forum placed unique values in the "# of posts" listed in the left side column of their forum, then outed him when he posted a screenshot.

Needless to say, the people he is messing with are very annoyed at him. They are trying all the tricks they can to harass him remotely, such as ordering merchandise paid for on his credit cards, sending him unwanted (and now illegal) stuff, and using his credit cards to donate to charities. They've been trying to send him all the craziest, most annoying, most hazardous stuff they can without personally touching the merchandise themselves. The most dangerous stuff they have managed to send him so far was the SWAT van full of cops in a midnight raid. If these guys could get someone else to ship him a live cobra in a box, or a shit covered blasting cap, they wouldn't hesitate for a second.

While he may not be a "hero", Mr. Krebs has done some good work at cleaning up several of the nastier elements that infest the Internet. You get less spam in your in box thanks to him.

The dealer probably got paid in BitCoin, so now he's really pissed. Don't worry though, if it was a large enough amount the dealers will get it back as soon as the lock on the back door of the evidence room breaks again.